$105 Million Crypto Save: DeFi Protocol Pendle Prevents Further Losses From Penpie’s Exploit

As a seasoned crypto investor with a decade of experience under my belt, I’ve seen my fair share of ups and downs in this wild world of digital assets. The recent exploit of DeFi project Penpie, while disheartening, doesn’t exactly surprise me. It’s like finding out that the neighbor’s dog has a penchant for chewing shoes – unfortunate, but not entirely unexpected.


The Decentralized Finance (DeFi) platform Penpie suffered an exploit, resulting in the loss of millions of dollars’ worth of various cryptocurrencies. In response to this incident, the underlying protocol Pendle shared a post-mortem analysis, disclosing that it prevented additional losses of users’ assets estimated at over $100 million.

Crypto Hacker Drains Millions From DeFi Protocol

On Tuesday, the DeFi project Penpie, an independent yield optimizer built on Pendle, had over $20 million worth of funds drained from its protocol. According to reports, a malicious user took advantage of a weakness in Penpie’s reward distribution system and made off with various cryptocurrencies, such as Ethena Staked USDe (sUSDe), wrapped USDC, and staked Ether (ETH).

According to security firm PeckShield, the exploiter used a “malicious market” contract to artificially inflate their staking balance and receive rewards they were not entitled to. The vulnerability was confirmed to be associated with a unique feature of Pendle, known as “permissionless listing of Pendle markets on Penpie,” which allows the unrestricted addition of Pendle markets to the Penpie platform.


The stolen cryptocurrencies amounted to approximately $7.87 million in wstETH, $2.51 million in sUSDe, $3.4 million in agETH, $2.22 million in rswETH, and around four other Yield tokens associated with Pendle. After the breach, the hacker exchanged these digital assets for 11,113 ETH using the Li.fi exchange protocol.

According to the report, $27.3 million of the illegally obtained funds was moved into the cryptocurrency mixing service Tornado Cash. By Wednesday morning, it was reported that the culprit had transferred over 3,000 Ether, approximately $7.2 million, into this mixing service.

The Penpie team contacted the perpetrator, proposing a peaceful resolution to the issue. Noting that the exploit had played a key role in exposing the project’s weakness, they offered a reward under the white hat bounty program for the safe recovery of the funds.

Furthermore, they offered the threat actor a chance to “shift to an ethical-hacker position, where your abilities will be recognized and compensated.” The team guaranteed that the hacker’s identity would stay anonymous and that no legal action would be initiated against them.

At present, there has been no news of a settlement between the exploiter and the team responsible for the protocol.

Post-Mortem: Quick Response Prevents Further Losses

On Wednesday morning, Pendle’s team published an analysis of the incident in a post. In this post, the DeFi protocol explained that by acting swiftly and effectively, it managed to prevent additional losses of Penpie’s funds.

According to Pendle, their “instant in-office surveillance system” quickly flagged unusual behavior when the contract received 10 ETH from Tornado Cash, which happened a few hours prior to the heist.
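The funding-source signal described above can be sketched as follows. This is an added example, not Pendle's monitoring code: it assumes events are already decoded into simple records, and every address label, threshold and the 24-hour window is a constructed placeholder.

```python
from dataclasses import dataclass

# Constructed placeholder labels, not real addresses. A real deployment would
# load a maintained label set for mixer pools and for the contracts it protects.
MIXERS = {"0xMIXER_POOL"}
WATCHED = {"0xPROTOCOL_MARKET_REGISTRY"}

@dataclass(frozen=True)
class Event:
    ts: int            # unix seconds
    kind: str          # "transfer" or "call"
    src: str
    dst: str
    value_eth: float = 0.0

def mixer_funding_alerts(events, window_s=24 * 3600, min_eth=1.0):
    """Escalate when an address funded from a mixer calls a watched contract
    within window_s of being funded. Taint follows forwarded transfers."""
    tainted = {}       # address -> (funding timestamp, amount in ETH)
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "transfer" and ev.value_eth >= min_eth:
            if ev.src in MIXERS:
                tainted[ev.dst] = (ev.ts, ev.value_eth)
            elif ev.src in tainted and ev.ts - tainted[ev.src][0] <= window_s:
                # Forwarded funds keep the original funding time.
                tainted.setdefault(ev.dst, (tainted[ev.src][0], ev.value_eth))
        elif ev.kind == "call" and ev.dst in WATCHED and ev.src in tainted:
            funded_ts, amount = tainted[ev.src]
            if ev.ts - funded_ts <= window_s:
                alerts.append({"address": ev.src, "target": ev.dst,
                               "funded_eth": amount,
                               "lead_time_s": ev.ts - funded_ts})
    return alerts

H = 3600
SAMPLE_EVENTS = [  # constructed sample data
    Event(0, "transfer", "0xMIXER_POOL", "0xNEW_CONTRACT", 10.0),
    Event(0, "transfer", "0xEXCHANGE", "0xREGULAR_USER", 10.0),
    Event(1 * H, "transfer", "0xMIXER_POOL", "0xDUST", 0.1),
    Event(2 * H, "transfer", "0xMIXER_POOL", "0xSLOW", 5.0),
    Event(3 * H, "call", "0xNEW_CONTRACT", "0xPROTOCOL_MARKET_REGISTRY"),
    Event(3 * H, "call", "0xREGULAR_USER", "0xPROTOCOL_MARKET_REGISTRY"),
    Event(4 * H, "call", "0xDUST", "0xPROTOCOL_MARKET_REGISTRY"),
    Event(30 * H, "call", "0xSLOW", "0xPROTOCOL_MARKET_REGISTRY"),
]

if __name__ == "__main__":
    for alert in mixer_funding_alerts(SAMPLE_EVENTS):
        print(alert)
```

Only the mixer-funded contract that touches the watched contract inside the window is escalated; the exchange-funded user, the dust-sized withdrawal and the late caller are not.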


By the time the first attack occurred, all parties had already taken notice of the warning signs, and they swiftly took action to defend the project’s environment against further attacks. Approximately twenty minutes after the exploit, the team paused all contracts on Pendle, a move that appears to have minimized additional losses and secured $105 million worth of cryptocurrency assets that could otherwise have been drained from Penpie.

The DeFi protocol reached out to other projects built on Pendle, such as Equilibria and StakeDAO, to verify whether they were under threat and to evaluate the situation. After investigating, the team concluded that the Pendle ecosystem was secure and that the attack was isolated to Penpie. Subsequently, the team resumed normal operations.

A security breach targeting Penpie led to some loss of funds. In response, Pendle promptly paused our contracts, effectively safeguarding ~$105M that could have been further drained from Penpie. Thanks to coordinated efforts from multiple parties, further breaches were mitigated, and Pendle contracts have now been unpaused. Normal operations have resumed.

In the end, Pendle’s team reassured users that their funds had always been safe and that they were not impacted by the exploit.


2024-09-05 17:27